package com.bootdo.app.common.xss;


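public class SQLFilter {

    /**
     * Blacklisted SQL fragments. An input is flagged when its lower-cased form
     * contains any of these as a substring ({@code String.contains}, no word
     * boundaries), so the entries are deliberately written with trailing spaces
     * or parentheses to cut down on false positives.
     *
     * NOTE(review): this is a denylist, and denylists are incomplete by
     * construction — e.g. there is no "union" entry, and several entries only
     * match with an ASCII space after the keyword. Treat a {@code false} from
     * {@link #sqlInject(String)} as "nothing obvious found", not as "safe"; the
     * real control must remain parameterized queries (PreparedStatement) or an
     * allowlist of permitted column / sort names at the call site. Conversely,
     * substring matching also rejects benign values: "master" matches
     * "webmaster", "use " matches "house ".
     */
    private static final String[] KEY_WORDS = {
            "benchmark(","sleep(","connection_id()","found_rows()","database()","user()","version()",
            "if(", "/*", "#","--", "' ", "';", "<script", " or "," and ",
            "master",// SQL Server default database
            "rename ","create ","grant ","use ","truncate ","insert ","select ","show ","delete ",
            "update ", "declare ", "alter ", "drop "
    };

    /**
     * Screens a string for the blacklisted SQL fragments in {@link #KEY_WORDS}.
     *
     * @param sql the untrusted text to check; {@code null} is treated as harmless
     * @return {@code true} if any blacklisted fragment occurs in the input
     *         (case-insensitively), {@code false} otherwise
     */
    public static boolean sqlInject(String sql){
        if (sql == null) {
            return false;
        }
        // Lower-case with Locale.ROOT, not the JVM default locale: String.toLowerCase()
        // is locale-sensitive, and under a Turkish default locale "INSERT" becomes
        // "ınsert" (dotless i), which no longer contains "insert " and would slip
        // past the filter. ROOT gives the same ASCII mapping on every deployment.
        String lowerCased = sql.toLowerCase(java.util.Locale.ROOT);
        for (String keyWord : KEY_WORDS) {
            if (lowerCased.contains(keyWord)) {
                return true;
            }
        }
        return false;
    }


}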
